What's New This is a partial list of new features and systems included in OpenBSD 3.8. For a comprehensive list, see the changelog leading to 3.8.
Improved hardware support, including: New aps driver for the built-in accelerometer found in some IBM ThinkPad laptops. New art driver for Accom Networks Artery T1 and E1 cards. New auixp driver for the ATI IXP series integrated AC'97 audio controller. New ciss driver for Compaq Smart ARRAY 5 and 6 RAID controllers. New epic driver for SMC 83C170 ethernet adapters. New ichwdt driver for Intel 6300ESB ICH watchdog timer. New pcn driver for the AMD Am79c97x (PCnet) ethernet adapters. New safte driver for SCSI Accessed Fault-Tolerant Enclosures, and a rewritten ses driver for SCSI Enclosure Services, both allowing monitoring through sysctl and sensorsd. New ueagle driver for Analog Devices Eagle ADSL modems. New uipaq driver for iPAQ USB serial. New viasio driver for VIA VT1211 LPC Super I/O hardware sensors. New zaudio driver for the built-in Zaurus audio CODEC. Improved com driver for serial port PCMCIA cards, such as cellular modems on Zaurus. Improved support for many umass devices. Updated driver from X.Org for the Intel i810 family graphics chipset, including support for the external VGA output on laptops.
New tools: bioctl(8), a RAID management interface. ipsecctl(8), a simple IPsec management tool. stat(1), displaying file status obtained from stat(2) or lstat(2). hostapd(8), a wireless Host Access Point daemon. ifstated(8), a daemon monitoring ethernet interfaces status. watchdogd(8), companion to the hardware watchdog devices. ztsscale(8), a tool to calibrate the Zaurus touch screen. xidle(1), a tool to run a program on X inactivity. gzsig(1), create and verify cryptographic signatures built into gzip file headers. sasyncd(8), a daemon to synchronize IPSec SA's for failover gateways.
New functionality: mount_udf(8), providing UDF (DVD) filesystem support. Network interface aggregation, using the virtual trunk(4) interface. Partial wide character and locale support in the C and C++ libraries. wd(4) disks have the security feature frozen before being attached to prevent malicious users setting a password that would prevent the contents of the drive from being accessed. On the OpenBSD/sparc64 platform, StackGhost buffer overflow exploit protection has been added. zaudio(4) changes the mute values if the headphones are plugged in or out.
New functionality for ospfd(8), the Open Shortest Path First Daemon: ospfd is now able to redistribute static, connected and default routes. ospfctl is now able to display all relevant information. Interoperability with cisco and Extreme has been improved. Support for parsing and displaying parsed configuration file, similar to bgpd. Support for cryptographic authentication has been added. Interface finite state machine has been reworked, primarily to improve interoperability. The performance of the shortest path first calculation has been improved. Numerous bugs have been discovered and fixed during the last 6 months.
New functionality for bgpd(8), the Border Gateway Protocol Daemon: bgpd is now able to redistribute static and connected routes dynamically. Full route label support; pf(4) can filter based on information bgpd attaches to the routes. An additional per prefix weight has been added used to evaluate prefixes with equal AS path length. New route decision tunable rde med compare always to force bgpd to compare the MED independent of the peer AS. IPv6 support.
Assorted improvements and code cleanup: malloc(3) has been rewritten to use the mmap(2) system call, introducing unpredictable allocation addresses and guard pages, which helps in detecting heap based buffer overflows and prevents various types of attacks. libc(3) source code has been converted to ANSI C. realpath(3) is now thread safe. Several pathname races and potential buffer handling problems have been fixed in pax(1). Problems with signal delivery on OpenBSD/sparc and OpenBSD/sparc64 have been fixed. Reliability of signal handlers using floating point on OpenBSD/i386 and OpenBSD/macppc has been improved. NFS write performance has been improved greatly. Countermeasures against various blind ICMP attacks have been implemented.
OpenSSH 4.2: Adds a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method ("Compression delayed") is on by default in the server and eliminates the risk of any zlib vulnerability leading to a compromise of the server from unauthenticated users. Added support for the improved arcfour cipher modes from draft-harris-ssh-arcfour-fixes-02. The improves the cipher's resistance to a number of attacks by discarding early keystream output. Many improvements to connection multiplexing, including a new opportunistic multiplexing mode, automatic fallback to plain connections when multiplexing fails and support for multiplexed X11 and agent forwarding. Many additional bug fixes and improvements, as described in the release announcement.
Over 3200 ports, 3000 pre-built packages, improved package tools.
As usual, many improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers: X.Org 6.8.2 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org) Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches) Perl 5.8.6 (+ patches) Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches) OpenSSL 0.9.7g (+ patches) Groff 1.15 Sendmail 8.13.4, with libmilter Bind 9.3.1 (+ patches) Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches) Sudo 1.6.8p9 Ncurses 5.2 Latest KAME IPv6 Heimdal 0.6.3 (+ patches) Arla 0.35.7 Binutils 2.15 (+ patches) Gdb 6.3